Breach of the data protection peace

With the ICO rarely fining for breaches of the Data Protection Act, are businesses breaking rules as they can get away with it or is the ICO bringing about some other type of corporate telling off?

You don't have to read too far into the Information Commissioner's Office (ICO) website to find its mission statement. The ICO has been established to "Uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals."

Lone justice?

With this declaration in mind, one might naturally question the statistics pertaining to recent judiciary actions carried out by the ICO. Reports earlier this year highlighted the fact just 36 out of 2,565 data breaches were acted upon by the ICO, with only four cases resulting in monetary fines.

Advertisement - Article continues below

Security vendors from far and wide have used this apparent' shortfall in regulatory discipline as a platform for reinforcing the effectiveness of their data protection products. So as the Data Protection Act (DPA) and issues relating to information compliance gain an ever-greater number of column inches, is it time to question whether we are at an industry tipping point and about to fall?

Is it time to question whether we are at an industry tipping point and about to fall?

"The reports noting that just one per cent of data breaches have been fined by the ICO risk undermining its power to force companies to take their internal security measures seriously," said Nigel Hawthorn, vice president of EMEA marketing for Blue Coat Systems.

Advertisement
Advertisement - Article continues below

"When the ICO increased the maximum fine tenfold from 50,000 to half a million pounds last year, this should have sent a clear message to the market that companies needed to get their house in order. But why bother sharpening the ICO's teeth if they are not prepared to bite?"

Advertisement - Article continues below

Industry opinion appears to lay part of the blame for compliance issues on the proliferation of devices and flexibility of new work practices. Both of these factors are further fuelled by the consumerisation of IT, which makes it increasingly difficult for companies to protect data and increasingly easy to lose it.

Matthew Tomlinson, a board director at secure network specialist Secure Data, said we will see an increase in audits and fines from the ICO over the coming years, but companies really need to take responsibility for data protection and start policing themselves.

"In practice it is unrealistic for the ICO to audit every company; they do not have the resources or the capacity," he said.

"However, we are seeing larger corporations already beginning to police themselves due, foremost, to the fear of public backlash if they were to have a major data breach. You only have to look at the recent Sony data breach to see the public affect it has on the company."

Featured Resources

Don’t just collect data, innovate with it.

Removing the barriers to the experience economy

Download now

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

How organisations unlock their data capital with artificial intelligence

The thoughtful application of AI offers hope to organisations looking for actionable insight

Download now

Digital Transformation Planning Report 2020

An in-depth look at how IT leaders are approaching digital transformation

Download now
Advertisement

Most Popular

Visit/software/video-conferencing/355009/microsoft-teams-goes-down-as-the-world-starts-mass-remote
video conferencing

Microsoft Teams goes down as the world starts mass remote working

16 Mar 2020
Visit/mobile/mobile-phones/355002/your-iphone-is-a-petri-dish-heres-how-to-clean-it
Mobile Phones

Your iPhone is a petri dish. Here's how to clean it

13 Mar 2020
Visit/operating-systems/26138/how-to-speed-up-windows-10
operating systems

How to speed up Windows 10

4 Mar 2020
Visit/technology/artificial-intelligence-ai/355003/when-it-comes-to-ai-the-eu-is-a-very-small-fish-in-a
artificial intelligence (AI)

When it comes to AI, the EU is a very small fish in a very big pond

13 Mar 2020